EU privacy watchdogs are uniting to confront Uber over the breach of millions of consumers’ data that the ride-hailing app recently reported.

Data protection authorities from seven EU member states will coordinate their legal investigations into the breach, according to a news release that the so-called Article 29 group of privacy watchdogs published on Wednesday (29 November).

The Dutch data protection authority is leading the taskforce. Watchdogs from Italy, Spain, France, Germany, British and Belgium are also part of the group.

Their investigations of Uber’s potential missteps will remain national-level probes, and the authorities could fine the company separately in each country.

Watchdogs from the seven countries decided to coordinate their investigations during a meeting of national privacy watchdogs from EU countries on Wednesday in Brussels.

A spokeswoman for the French data protection authority said the taskforce’s goal is to make sure the different national investigations are consistent “as much as possible”.

The Austrian lawyer whose lawsuit toppled the infamous safe harbour data sharing agreement with the United States has set up an NGO focused on bringing more privacy cases to court.

The Article 29 group announced last week that it would discuss the case at the meeting, after Uber announced on 21 November that personal data belonging to 57 million of its users “around the world” was breached in 2016.

CEO Dara Khosrowshahi acknowledged that the company did not immediately alert consumers and drivers about the incident.

Uber said it will cooperate with the new taskforce. An Uber spokeswoman said she did not have information about how many of the 57 million users are in Europe.

A spokeswoman for France’s data protection agency said it had not yet identified the number of French people who were affected by Uber’s data breach.

UK data protection agency ICO said on Wednesday that data from 2.7 million user accounts in the UK was compromised by Uber’s security breach. ICO is still waiting for full reports detailing the kind of data that was swept up by the breach. Uber said last week that hackers exposed data including users’ names, email addresses and mobile phone numbers.

The Dutch data protection authority said in a statement on Wednesday that it is still investigating the incident.

A spokesman for the data protection authority in Berlin, where Uber is legally registered in Germany, said the office did not yet have any figures about how many German users were affected.

Privacy watchdogs in Germany’s 16 states oversee how companies comply with data protection rules, and the country’s federal authority is in charge of how public offices respect laws.

Companies will soon face steeper penalties for breaking EU data protection law and failing to report data breaches to authorities.

The sweeping new EU data protection regulation will increase the level of possible sanctions against companies when it comes into effect in May 2018. Under the stricter rules, national data protection authorities can slap firms with fines of up to 4% of their global turnover, or €20 million, whichever is higher.

Hackers are increasingly often using ransomware, blackmail viruses that demand ransom from the owner of the infected computer. One click on what looks like an ordinary email from a customer is enough to make the company a victim of extortion. EURACTIV.cz reports.

EURACTIV's editorial content is independent from the views of our sponsors.

Media is a pillar of democracy – as long as it can function properly. Now more than ever we need unbiased, expert information on how and why the European Union functions. This information should not be behind a paywall, and we remain committed to providing our content for free.

We know our readers value our reporting. We know journalism that covers the EU in a clear, unbiased way is critical to the future of the European Union. And we know your support is critical for ensuring this independent and free journalism.

Don’t take the media sector for granted. It was already fragile before the coronavirus pandemic. And as people can’t meet, media companies have lost a major source of revenue: events. EURACTIV is supported by a mix of revenue streams including sponsorships, online advertising, EU-funded projects, and policy debates. All of these sources of revenue are impacted by the current crisis.

While media struggles, disinformation thrives. We are already seeing fearmongering, fake news about the EU response, and increased threats to freedom of the press.

For more than two decades we have provided free, independent, multilingual reporting on the European Union. We continue to believe in Europe, and we hope you do too.

Your financial support at this critical time will allow our network of newsrooms across Europe to continue their work when Europe needs it most.

Contribute to our reporting

The need for fast, accurate and balanced information is always important. We value EURACTIV's good, independent journalism and support this initiative

Mella Frewen, Director General of FoodDrinkEurope

EURACTIV plays a vital role in bringing Europe closer to its citizens. EURACTIV has long recognised that the story of Europe has to be told across the continent, and not just in Brussels. We need to support a truly European and informed debate.